I had already installed Apache. I am using PHP for my scripting in localhost. Need to know how to run the perl script.
I have installed sudo aptitude install libapache2-mod-perl2
I have created a directory name cgi-bin in my /var/www/cgi-bin
there inside this folder i have kept my perl script perl_1.pl
The directory permissions are given.
What more i have to do to run the script????
i just type http://localhost/cgi-bin/
and i got error 403
You don't have permission to access /cgi-bin/ on this server.
please help!!
Thanks
you can't read the cgi-bin contents. You must refer directly to one of the scripts in it, in this case: http://localhost/cgi-bin/perl_1.pl
Outside of that, ensure that your cgi-bin/ directory is actually treated as such in httpd.conf.
Oh, and in case you stumble on 500 afterwards: make sure that your perl script prints a valid HTTP header. This can easily be achieved by:
use CGI qw(:standard);
print header();
And as Pwex pointed out: make sure your script has the executable bit set.
chmod 755 perl_1.pl
...should work in most cases
Additionally, for future reference it is worth mentioning mod_perl, as it is a natural next step after getting the basics of cgi + perl + apache down. Going into detail about it would be beyond the scope of this answer, but I thought I'd mention it so that you know where to go next when you've got the basics nailed down as well as seen the limitations of cgi.
How's your Apache configured ?
Did you make sure you're telling the Apache to execute CGI script in the cgi-bin directory ?
Something like:
ScriptAlias /cgi-bin/ "/var/www/website/cgi-bin/"
<Directory "/var/www/website/cgi-bin/">
Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
...
</Directory>
If you are not tied to apache or can run these scripts on different port then you can use Plack/PSGI toolchain that have solutions to run old CGI scripts as PSGI applications. See Running CGI scripts on Plack for several ways to do it.
Related
I have an error with perl while trying to CREATE a file called .envfile in the root dir / (only for UNIX). Permission denied, which is understood. But, is there a way to write this file? I need to do it without any modules, just with a built-in functions. I expect for using chmod, but... honestly, have no idea of how to implement it in the same thread SAFELY.
I need this file to write in it my own ENVs for my software (as it is a big project with many dirs and needs to operate with many own ENVs).
Trying simple:
my $filename = '.envfile';
open FH, '>', $filename or die $!;
print FH "some data\n";
close(FH);
Apache says: Permission denied at /var/www/cgi-bin/env.cgi line 41.
Any help appreciated!
Thanks!
If I understand the question correctly, it appears that you also control the software which will ultimately read the file you're trying to create. Is that accurate? If so, change the program to get its environment from somewhere else. Where else? Preferably a new directory, so that you can make it writable by your web server without affecting anything else. I'd probably use /etc/myprogram (because /etc is the standard place for configuration files) or /var/local/myprogram (because /var is the standard place for persistent data files). But not an existing directory which is and should remain writable solely by root.
Short of exploiting a security flaw, Perl does not allow you to sidestep filesystem security (permissions). And that is a Good Thing. If it were allowed, it would mean that anyone who finds an exploit in your Perl code could then change any file on your computer, potentially replacing it with the most malicious code ever written.
Thus, the only way that your Perl can create a file in / is if it runs as root or uses su/suid to run some other program as root. And you really, really, really do not want CGI scripts or web applications running as root because, unless you do everything absolutely perfectly in your code, and there are no exploitable bugs in perl itself, or apache, or the kernel, then, by running your web code as root, you're potentially handing root access to any random script kiddie on the internet.
If you really, truly, absolutely have no choice other than to have web-accessible code write arbitrary files to /, then the least-bad, least-insecure way to do it would be to create a very tiny helper program which takes a file name and file contents as inputs, checks to verify that the named file does not already exist (so that an attacker can't use it to overwrite, say, your kernel), and then creates the named file with the provided contents. Aside from maybe a little additional sanity/security checking, it should do absolutely nothing else because the more complex this helper program is, the more likely it is to contain exploitable flaws. Then have the web code use suid to run the helper program, with suid configured to allow the web user (and only the web user) to run the helper program (and only the helper program) with no password.
But don't do that unless you really, truly, absolutely have no other option. It is not the best way to do it, it is the least bad way. Which means it's still a bad idea.
Create the file 'by hand' and set it's owner to the owner of the apache process, e.g.:
sudo touch /.envfile
sudo chown www-data:www-data /.envfile
sudo chmod u+rw /.envfile
You're executing your Perl program as a user without sufficient privilege. Run the Perl program using a user with sufficient privilege (e.g. using sudo or su).
I'm trying to run ssh, mkdir from a Perl CGI script. It's not working. But in normal Perl script, it is working fine. Can any one tell me how to run commands in a Perl CGI script?
If you're running this script via a webserver, chances are the active user (e.g. "nobody", "www", etc) may not have the necessary privileges to execute commands like mkdir and ssh. If so, that is not something that perl can fix. You can test who the active user is with something like:
print "The active user is: ", `whoami`;
It is also a security concern, to have your web user privileges set to create files and perform commands.
system() or popen() are probably what you're looking for, if you're feeling dirty I think you can use back ticks too.
Do you need to run unix commands? Perl has a built-in mkdir, and there are modules to handle SSH. Normally a CGI process is going to have limited capabilities or access to the system. The more you can do in Perl the better.
I'm trying to write a perl script that redirects its stdin to a remote machine and at the same time redirects the stdout of the remote machine to its stdout:
callingProgram <--> myScript <--> sshTunnelToRemote
See this question and bdonlan's answer for the purpose of the script.
First I tried to use the open2() function from the IPC library but for reasons described here it doesn't seem to be a good approach, I didn't even get a simple grep command working.
My second idea was to use the Net::SSH::Perl or the Expect libraries but they're not available on the machine where the script is supposed to be executed and I can't install libraries there.
So my question is what could be a simple way to achieve what I want? Solutions using [ba]sh or even C++ are also possible. The targeted platform is Solaris 10.
Seems like you could probably get away with nothing more than system() — don't pass the data from your stdin to ssh's stdin and from your stdout to ssh's stdout; just let ssh inherit your stdin and stdout. Unless you need to modify the data in transit somehow.
cpanminus can do this for you
Running:
cd ~/bin
curl -LO http://xrl.us/cpanm
chmod +x cpanm
Now you can try your problem using the right tools (e.g. Net::SSH::Perl).
The power of perl is cpan, and cpanminus gives you the ability to install whatever you need even if you don't have permission to install to the system-wide libraries.
Read the module documentation for the full details.
I am running Apache/PHP under Ubuntu
When I run the .cgi file, by going at http://localhost/mycgi.cgi, the browser will display the code instead of running it.
How do I make the browser execute the CGI file instead of showing its contents?
Add these lines to your apache2.conf file
<Directory /usr/local/apache2/htdocs/somedir>
Options +ExecCGI
</Directory>
AddHandler cgi-script .cgi .pl
Obviously, CGI execution is not set up properly. Did you try the tutorial?
Usually, all CGI scripts are put into a certain location such as cgi-bin. Only the files present in that folder are executed at all. Otherwise, they are treated as normal files and the web server simply returns them as source.
The tutorial shows you the alternatives that you can use to make the scripts being executed instead of just being returned as text files.
Make sure that the shebang line in your .cgi or .pl file is correct. The shebang line tells Apache where the Perl interpreter is (the Perl interpreter is the perl.exe file).
The Apache tutorial says:
Your first CGI program
The following is an example CGI program that prints one line to your browser. Type in the following, save it to a file called first.pl, and put it in your cgi-bin directory. #!/usr/bin/perl
print "Content-type: text/html\n\n";
print "Hello, World.";
So here the shebang line is #!/usr/bin/perl
However, if perl.exe is located in a different folder, then #!/usr/bin/perl needs to be changed! This is true even for Windows users who, normally, can completely ignore and omit the shebang line. (Why the tutorial doesn't mention this fact, i don't know - i guess they didn't realise that some people always ignore the shebang line?)
For example, when I installed Perl it was automatically suggested that i install Perl in C:\Program Files (x86)\Perl64
Inside my Perl64 folder is folder called 'bin' and inside that is perl.exe
So i had to change the shebang line to: #!C:/Program Files (x86)/Perl64/bin/perl.exe
before i could get cgi scripts to work with Apache.
This foxed me on Amazon Ubuntu 14.04. I had a configuration that had 'worked' for a few years:
sudo a2enmod cgi
sudo service apache2 restart
Sorted this out for some existing Perl scripts with a .cgi extension and the existing virtual host configuration. Also wrong [not this problem but associated with this upgrade]:
virtual.host
needed to become
virtual.host.conf
before it was recognised as valid.
I wrote a very simple perl script, and now I want to make it executable from everywhere.
I know I could just drop it into /bin/, rename it from 'mytest.pl' -> 'mytest', and chmod +x, but is this standard practice? I noticed nothing in /bin/ is a perl script.
Also, I want it to be able to log to /var/logs/mytest/*
Are there any security issues I should be aware of?
It is preferable to put user-made scripts in /usr/local/bin , but it's your call whether it's worth worrying about this. As far as logging to /var/logs/mytest/*, you can try to make the script suid (this is sometimes not allowed for security) with a user that can write to the dir, or just make /var/logs/mytest world-writable.
Instead of worrying about log file permissions issues, why not log to the system logger? That's what it's there for. See Sys::Syslog